The following list provides a list of features supported by fabio.

Check outfabio.properties for a full list of config options.

fabio has support for writing access logs for HTTP requests. By default, access logs are disabled. To enable them setlog.access.target=stdout. This will write access logs in theCommon Log Format to stdout. The standard fabio logs are still written to stderr.

The log format can be controlled with thelog.access.format parameter which is eithercommon,combined - which outputs theCombined Log Format - or a custom format string which is fully described infabio.properties.

fabio has support for dynamic certificate stores which allow you to store or issue certificates in a central place and update them at runtime without restarting fabio. You can store certificates in files, directories, on HTTP servers inConsul or inVault.

SeeCertificate Stores for more detail.

To enable dynamic compression of responses when the client sets theAccept-Encoding: gzip header configure theproxy.gzip.contenttype property with a regular expression of the content types for which compression should beenabled.

To run fabio within Docker use the official Docker image and mount your own config file to/etc/fabio/fabio.properties

docker run -d -p 9999:9999 -p 9998:9998 -v $PWD/fabio/fabio.properties:/etc/fabio/fabio.properties fabiolb/fabio

If you want to run the Docker image with one or more SSL certificates thenyou can store your configuration and certificates in/etc/fabio and mountthe entire directory, e.g.

$ cat ~/fabio/fabio.propertiesproxy.addr=:443;/etc/fabio/ssl/mycert.pem;/etc/fabio/ssl/mykey.pemdocker run -d -p 443:443 -p 9998:9998 -v $PWD/fabio:/etc/fabio fabiolb/fabio

The official Docker image contains the root CA certificates from a recent and updatedUbuntu 12.04.5 LTS installation.

If you use GliderlabsRegistrator to register your servicesyou can pass theurlprefix- tags via theSERVICE_TAGS environment variable as follows:

$ docker run -d \    --name=registrator \    --net=host\           --volume=/var/run/docker.sock:/tmp/docker.sock \    gliderlabs/registrator:latest \    consul://localhost:8500$ docker run -d -p 80:8000 \    -e SERVICE_8000_CHECK_HTTP=/foo/healthcheck  \    -e SERVICE_8000_NAME=foo \    -e SERVICE_CHECK_INTERVAL=10s \    -e SERVICE_CHECK_TIMEOUT=5s  \    -e SERVICE_TAGS=urlprefix-/foo \    test/foo

If you are usingDocker compose you can add theSERVICE_TAGSto theenvironment section as follows:

bar:  environment:    - SERVICE_TAGS=urlprefix-/bar

fabio watches services in consul and reloads its configuration on every change without interrupting existing connections.

fabio supports a graceful shutdown timeout during which new requests will receive a503 Service Unavailable response while the active requests can complete. See theproxy.shutdownwait option in thefabio.properties file.

In addition, to injecting theForwarded andX-Real-Ip headers theX-Forwarded-For,X-Forwarded-Port andX-Forwarded-Proto headers are added to HTTP(S) and Websocket requests. Custom headers for the ip address and protocol can be configured with theproxy.header.clientip,proxy.header.tls andproxy.header.tls.value options.

To support HTTPS upstream servers add theproto=https option to theurlprefix- tag. The current implementation requires that upstream certificates need to be in the system root CA list. To disable certificate validation for a target set thetlsskipverify=true option.

urlprefix-/foo proto=httpsurlprefix-/foo proto=https tlsskipverify=true

fabio collects metrics per route and service instance as well as running totals to avoid computing large amounts of metrics. The metrics can be send toCirconus,Graphite,StatsD,DataDog (via statsd) or stdout. See themetrics.* options in thefabio.properties file.

Fabio reports the following metrics:

A timer counts events and provides an average throughput and latency number.Depending on the metrics provider the aggregation happens either in the metrics library(go-metrics: statsd, graphite) or in the system of the metrics provider (Circonus)

A counter counts events and provides an monotonically increasing value.

A gauge provides a current value.

{code} is the three digit HTTP status code like200.

{route} is a shorthand for the metrics name generated for a routewith themetrics.names template defined infabio.properties

fabio supports stripping a path from the incoming request. If you want to forwardhttp://host/foo/bar ashttp://host/bar you can add astrip=/foo option to the route options asurlprefix-/foo/bar strip=/foo.

fabio transparently supports the HA ProxyPROXY protocol version 1 which is used by HA Proxy,Amazon ELBand others to transmit the remote address and port of the client without using headers.

fabio detectsSSE connections if theAccept header is set totext/event-stream and enables automatic flushing of the response buffer to forward data to the client.The default is set to1s and can be configured with theproxy.flushinterval parameter.

fabio can run a transparent TCP proxy which dynamically forwards an incoming connection on a given portto services which advertise that port. To use TCP proxy support the service needs to advertiseurlprefix-:1234 proto=tcp in Consul. In addition, fabio needs to be configured to listen on that port:

fabio -proxy.addr ':1234;proto=tcp'

TCP proxy support can be combined withCertificate Stores to provide TLS termination on fabio.

fabio -proxy.cs 'cs=ssl;type=path;path=/etc/ssl' -proxy.addr ':1234;proto=tcp;cs=ssl'

fabio can run a transparent TCP proxy with SNI support which can forward any TLS connectionwithout re-encrypting the traffic. fabio captures theClientHello packet which is thefirst packet of the TLS handshake and extracts the server name from the SNI extension anduses it for finding the upstream server to forward the connection to. It then replays theClientHello packet and then transparently forwards all traffic between client and serveras a byte stream.

To enable this feature configure a listener as follows:

fabio -proxy.addr=':443;proto=tcp+sni'

to listen to more than 1 port separate with comma's (like if you want to do tcp and http listening):

fabio -proxy.addr ':9999,:19587;proto=tcp

This will do normal fabio http(s) routing on port 9999 and TCP proxy on port 19587.

and register your services inConsul with aurlprefix- tag thatmatches the host from the SNI extension. If your server responds tohttps://foo.com/...then you should register aurlprefix-foo.com/ tag for this service. Note that the tagshould only contain<host>/ since path-based routing is not possible with this approach.

fabio allows to control the amount of traffic a set of service instances willreceive. You can use this feature to direct a fixed percentage of traffic to anewer version of an existing service for testing ("Canary testing"). SeeManual Overrides for a complete description of theroute weight command.

The following command will allocate 5% of traffic towww.kjca.dev/auth/ toall instances ofservice-b which match tagsversion-15 anddc-fra. Thisis independent of the number of actual instances running. The remaining 95%of the traffic will be distributed evenly across the remaining instancespublishing the same prefix.

route weight service-b www.kjca.dev/auth/ weight 0.05 tags "version-15,dc-fra"

To send a request from the command line via the fabio usingcurlyou should send it as follows:

curl -v -H 'Host: foo.com' 'http://localhost:9999/path'

The-x or--proxy options will most likely not work as you expect as theysend the full URL instead of just the request URI which usually does not matchany route but the default one - if configured.

To trace how a request is routed you can add aTrace header with an non-empty value which is truncated at 16 characters to keep the log output short.

$ curl -v -H 'Trace: abc' -H 'Host: foo.com' 'http://localhost:9999/bar/baz'2015/09/28 21:56:26 [TRACE] abc Tracing foo.com/bar/baz2015/09/28 21:56:26 [TRACE] abc No match foo.com/bang2015/09/28 21:56:26 [TRACE] abc Match foo.com/2015/09/28 22:01:34 [TRACE] abc Routing to http://1.2.3.4:8080/

fabio can useVault as a secure key/value store to store certificates.As of 1.6.0 fabio can use the PKI support of Vault to generate TLS certificates on demand.Seefabio.properties andthe wiki for details.

fabio transparently supports Websocket connections by detecting theUpgrade: websocket header in the incoming HTTP(S) request. SeeWebsockets for more details.

fabio supports a Web UI to examine the current routing table and manage the manual overrides. By default it listens onhttp://0.0.0.0:9998/ which can be changed with theui.addr option. Theui.title andui.color options allow customization of the title and the color of the header bar.